From 9bac6da6c934e92597a93efd64587466c8cf244b Mon Sep 17 00:00:00 2001
From: Daniel Heule
Date: Mon, 9 Jun 2014 15:42:17 +0200
Subject: [PATCH 01/27] bugfix emerge type for slotted packages
---
.../conf/type/__package_emerge/gencode-remote | 26 ++++++++++++-------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/cdist/conf/type/__package_emerge/gencode-remote b/cdist/conf/type/__package_emerge/gencode-remote
index d4cee37e..f72d982a 100644
--- a/cdist/conf/type/__package_emerge/gencode-remote
+++ b/cdist/conf/type/__package_emerge/gencode-remote
@@ -33,26 +33,32 @@ else
 state_should="present"
 fi
+if [ -f "$__object/parameter/version" ]; then
+ version="$(cat "$__object/parameter/version")"
+else
+ version=""
+fi
+
+if [ ! -z "$version" ]; then
+ name="=$name-$version"
+fi
+
 pkg_version="$(cat "$__object/explorer/pkg_version")"
 if [ -z "$pkg_version" ]; then
 state_is="absent"
-elif [ $(echo "$pkg_version" | wc -l) -gt 1 ]; then
+elif [ ! -z "$version" -a $(echo "$pkg_version" | wc -l) -gt 1 ]; then
+ echo "Package name is not unique! The following packages are installed:"
+ echo "$pkg_version"
+ exit 1
+elif [ -z "$version" -a $(echo "$pkg_version" | cut -d " " -f 1 | sort | uniq | wc -l) -gt 1 ]; then
 echo "Package name is not unique! The following packages are installed:"
 echo "$pkg_version"
 exit 1
 else
 state_is="present"
- installed_version="$(echo "$pkg_version" | cut -d " " -f 2)"
+ installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | tail -n 1)"
 fi
-if [ -f "$__object/parameter/version" ]; then
- version="$(cat "$__object/parameter/version")"
- if [ ! -z "$version" ]; then
- name="=$name-$version"
- fi
-else
- version=""
-fi
 # Exit if nothing is needed to be done
 [ "$state_is" = "$state_should" ] && ( [ -z "$version" ] || [ "$installed_version" = "$version" ] ) && exit 0
From e87b26f2de9de29daec0403a1d226b6f027c7a29 Mon Sep 17 00:00:00 2001
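Review bot: The two added `elif` tests combine conditions with `-a` inside a single `[ ]` and leave the command substitution unquoted, which POSIX marks as obsolescent and which parses ambiguously when an operand is empty. Two tests joined by `&&` read the same and avoid that, e.g. `elif [ -n "$version" ] && [ "$(echo "$pkg_version" | wc -l)" -gt 1 ]; then`. Both branches print the same message and exit, so a short comment on each saying which case it covers (version given versus slotted package without a version) would help the next reader.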
From: Jake Guffey
Date: Tue, 9 Sep 2014 17:10:32 -0400
Subject: [PATCH 02/27] Introduce __package_pkgng_freebsd type Create __package_pkgng_freebsd type to handle package management via pkg-ng Add requirement generation in __package/manifest Add explorer inside __package to find if pkg-ng is installed on the target
---
.../conf/type/__package/explorer/pkgng_exists | 31 ++++
cdist/conf/type/__package/manifest | 9 +-
.../explorer/pkg_version | 37 +++++
.../__package_pkgng_freebsd/gencode-remote | 134 ++++++++++++++++++
.../type/__package_pkgng_freebsd/man.text | 97 +++++++++++++
.../__package_pkgng_freebsd/parameter/boolean | 1 +
.../parameter/optional | 5 +
7 files changed, 313 insertions(+), 1 deletion(-)
create mode 100755 cdist/conf/type/__package/explorer/pkgng_exists
create mode 100755 cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version
create mode 100755 cdist/conf/type/__package_pkgng_freebsd/gencode-remote
create mode 100644 cdist/conf/type/__package_pkgng_freebsd/man.text
create mode 100644 cdist/conf/type/__package_pkgng_freebsd/parameter/boolean
create mode 100644 cdist/conf/type/__package_pkgng_freebsd/parameter/optional
diff --git a/cdist/conf/type/__package/explorer/pkgng_exists b/cdist/conf/type/__package/explorer/pkgng_exists
new file mode 100755
index 00000000..7c4f2256
--- /dev/null
+++ b/cdist/conf/type/__package/explorer/pkgng_exists
@@ -0,0 +1,31 @@
+#!/bin/sh
+#
+# 2014 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# Retrieve the status of a package - parsed dpkg output
+#
+
+if [ "$(cat "$__global/explorer/os")" = "freebsd" ]; then
+ if command -v pkg >&-; then
+ printf "pkg-ng installed"
+ else
+ printf "pkg-ng not found"
+ fi
+fi
+
diff --git a/cdist/conf/type/__package/manifest b/cdist/conf/type/__package/manifest
index 0ebf0099..2e085158 100755
--- a/cdist/conf/type/__package/manifest
+++ b/cdist/conf/type/__package/manifest
@@ -33,7 +33,14 @@ else
 amazon|centos|fedora|redhat) type="yum" ;;
 archlinux) type="pacman" ;;
 debian|ubuntu) type="apt" ;;
- freebsd) type="pkg_freebsd" ;;
+ freebsd)
+ exists="$(cat "$__object/explorer/pkgng_exists")"
+ if [ "$exists" = "pkg-ng installed" ]; then
+ type="pkgng_freebsd"
+ else
+ type="pkg_freebsd"
+ fi
+ ;;
 gentoo) type="emerge" ;;
 suse) type="zypper" ;;
 openwrt) type="opkg" ;;
diff --git a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version
new file mode 100755
index 00000000..fe940724
--- /dev/null
+++ b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version
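Review bot: In the new `pkgng_exists` explorer, `command -v pkg >&-` closes stdout instead of discarding it, so depending on the shell the write can fail and the test reports pkg-ng as missing on a host that has it; the `__package` manifest would then pick `pkg_freebsd`. Redirecting is the safe form: `if command -v pkg >/dev/null 2>&1; then`. The header comment "parsed dpkg output" is carried over from another explorer; something like `# Report whether pkg-ng (pkg) is available on a FreeBSD target` describes this file.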
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# Retrieve the status of a package - parsed dpkg output
+#
+
+if [ -f "$__object/parameter/name" ]; then
+ name="$(cat "$__object/parameter/name")"
+else
+ name="$__object_id"
+fi
+
+# Don't produce "no pkgs installed" output -- breaks things
+PKG_OUTPUT=$(pkg info 2>&1)
+echo -n "$(echo "$PKG_OUTPUT" \
+ | awk '{print $1}' \
+ | sed 's/^\(.*\)-\([^-]*\)$/name:\1 ver:\2/g' \
+ | grep "name:$name ver:" \
+ | sed 's/^.*ver:\(.*\)/\1/g')"
+
diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
new file mode 100755
index 00000000..36af987b
--- /dev/null
+++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
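Review bot: `$name` goes unescaped into the pattern in `grep "name:$name ver:"`, so a package name containing a regex metacharacter such as `.` can match a different installed package and report that package's version to gencode-remote. A fixed-string match keeps the comparison literal: `| grep -F "name:$name ver:" \`. Because `pkg info 2>&1` merges stderr into the parsed text, pkg error messages pass through the same pipeline; dropping `2>&1` (or sending stderr to `/dev/null`) keeps diagnostics out of the version value. `echo -n` is also not portable under `#!/bin/sh`; `printf '%s'` is.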
@@ -0,0 +1,134 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# Manage packages with pkg on FreeBSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+if [ -f "$__object/parameter/name" ]; then
+ name="$(cat "$__object/parameter/name")"
+else
+ name="$__object_id"
+fi
+
+if [ -f "$__object/parameter/flavor" ]; then
+ flavor="$(cat "$__object/parameter/flavor")"
+fi
+
+if [ -f "$__object/parameter/version" ]; then
+ version="$(cat "$__object/parameter/version")"
+fi
+
+if [ -f "$__object/parameter/upgrade" ]; then
+ upgrade="true"
+else
+ upgrade="false"
+fi
+
+if [ -f "$__object/parameter/repo" ]; then
+ repo="$(cat "$__object/parameter/repo")"
+fi
+
+if [ -f "$__object/parameter/state" ]; then
+ state="$(cat "$__object/parameter/state")"
+else
+ state="present"
+fi
+curr_version="$(cat "$__object/explorer/pkg_version")"
+add_cmd="pkg install -y"
+rm_cmd="pkg delete -y"
+upg_cmd="pkg upgrade -y"
+cmd=""
+
+# Print the command to be executed
+# Parms: $1 -- mode, "rm", "add", or "upg"
+# $2 -- the command to be echoed
+execcmd(){
+ local _cmd=""
+
+ case "$1" in
+ add)
+ _cmd="${add_cmd} $2"
+ ;;
+ rm)
+ _cmd="${rm_cmd} $2"
+ ;;
+ upg)
+ _cmd="${upg_cmd} $2"
+ ;;
+ *)
+ printf "Error. Don't understand command: %s" "$1" >&2
+ exit 1
+ ;;
+ esac
+
+ echo "$_cmd 2>&- >&-" # Silence the output of the command
+ echo "status=\$?"
+ echo "if [ \"\$status\" -ne \"0\" ]; then"
+ echo " echo \"Error: ${_cmd} exited nonzero with \$status\"'!' >&2"
+ echo " exit 1"
+ echo "fi"
+}
+
+if [ -n "$curr_version" ]; then # PKG *is* installed
+ if [ -n "$repo" ]; then
+ cmd="-r ${repo} ${name}"
+ else
+ cmd="${name}"
+ fi
+ if [ -n "$flavor" ]; then
+ cmd="${cmd}-${flavor}"
+ fi
+ if [ "$state" = "absent" ]; then
+ execcmd "rm" "${cmd}"
+ elif [ "$version" != "$curr_version" ]; then
+ if [ "$upgrade" = "true" ]; then
+ execcmd "upg" "${cmd}"
+ else
+ printf "Version %s is already installed and pkg-ng can't upgrade directly to version %s.\nTo upgrade to the latest version, use the --upgrade flag.\n" "$curr_version" "$version" >&2
+ exit 1
+ fi
+ fi
+else # PKG *isn't* installed
+ if [ "$state" = "absent" ]; then # Shouldn't be installed
+ exit 0
+ else # Should be installed
+ if [ -n "$repo" ]; then
+ cmd="-r ${repo} ${name}"
+ else
+ cmd="${name}"
+ fi
+ if [ -n "$flavor" ]; then
+ cmd="${cmd}-${flavor}"
+ fi
+ if [ -n "$version" ]; then
+ cmd="${cmd}-${version}"
+ fi
+
+ execcmd "add" "$cmd"
+ exit 0
+ fi
+fi
+
+# Debug
+#set +x
diff --git a/cdist/conf/type/__package_pkgng_freebsd/man.text b/cdist/conf/type/__package_pkgng_freebsd/man.text
new file mode 100644
index 00000000..da44da83
--- /dev/null
+++ b/cdist/conf/type/__package_pkgng_freebsd/man.text
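Review bot: The values of `name`, `repo`, `flavor` and `version` are pasted unquoted into the code that `execcmd` prints (`echo "$_cmd 2>&- >&-"` and the double-quoted error message), and that generated code is what runs on the target. Whitespace or shell metacharacters in any of those parameters therefore change the command line instead of reaching pkg as a single argument. Quoting each value once when the command is assembled, and keeping parameter text out of the generated error message, closes this; a sketch follows. Separately, `2>&- >&-` closes the descriptors rather than discarding output, so `>/dev/null 2>&1` is the safer way to silence pkg, and `local` is not guaranteed under `#!/bin/sh`.

```shell
# Single-quote a value so the generated code passes it as one literal word
quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# … unchanged: parameter parsing …

# inside execcmd: silence pkg by redirecting, and name only the mode in the message
echo "$_cmd >/dev/null 2>&1"
echo "    echo \"Error: pkg $1 exited nonzero with \$status\"'!' >&2"

# install branch: assemble the package spec first, then quote it once
# (the installed branch follows the same pattern without the version suffix)
pkgspec="${name}"
if [ -n "$flavor" ]; then
    pkgspec="${pkgspec}-${flavor}"
fi
if [ -n "$version" ]; then
    pkgspec="${pkgspec}-${version}"
fi
if [ -n "$repo" ]; then
    cmd="-r $(quote "$repo") $(quote "$pkgspec")"
else
    cmd="$(quote "$pkgspec")"
fi
```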
@@ -0,0 +1,97 @@
+cdist-type__package_pkgng_freebsd(7)
+==================================
+Jake Guffey
+
+
+NAME
+----
+cdist-type__package_pkgng_freebsd - Manage FreeBSD packages with pkg-ng
+
+
+DESCRIPTION
+-----------
+This type is usually used on FreeBSD to manage packages.
+
+
+REQUIRED PARAMETERS
+-------------------
+None
+
+
+OPTIONAL PARAMETERS
+-------------------
+name::
+ If supplied, use the name and not the object id as the package name.
+
+flavor::
+ If supplied, use to avoid ambiguity.
+
+version::
+ If supplied, use to install a specific version of the package named.
+
+repo::
+ If supplied, use to install the package named from a particular repo.
+
+state::
+ Either "present" or "absent", defaults to "present"
+
+
+BOOLEAN PARAMETERS
+------------------
+upgrade::
+ If supplied, allow upgrading to the latest version of a package.
+
+
+CAVEATS
+-------
+This type requires that repository definitions already exist in /etc/pkg/*.conf.
+Ensure that they exist prior to use of this type with __file.
+
+pkg-ng can't upgrade a package to a specific version. If this type needs to
+upgrade a package, it can only ugprade to the latest available version. If the
+"upgrade" parameter is not given and an upgrade needs to occur, an error will result.
+
+
+MESSAGES
+--------
+install::
+ The package was installed
+remove::
+ The package was removed
+upgrade::
+ The package was upgraded
+exist::
+ The package was already present and thus not installed
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Ensure zsh is installed
+__package_pkgng_freebsd zsh --state present
+
+# Ensure vim is installed, use flavor no_x11
+__package_pkgng_freebsd vim --state present --flavor no_x11
+
+# If you don't want to follow pythonX packages, but always use python
+__package_pkgng_freebsd python --state present --name python2
+
+# Install a package from a particular repository when multiples exist
+__package_pkgng_freebsd bash --state present --repo myrepo
+
+# Remove obsolete package
+__package_pkgng_freebsd puppet --state absent
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__package(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean b/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean
new file mode 100644
index 00000000..007ead00
--- /dev/null
+++ b/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean
@@ -0,0 +1 @@
+upgrade
\ No newline at end of file
diff --git a/cdist/conf/type/__package_pkgng_freebsd/parameter/optional b/cdist/conf/type/__package_pkgng_freebsd/parameter/optional
new file mode 100644
index 00000000..6e67f838
--- /dev/null
+++ b/cdist/conf/type/__package_pkgng_freebsd/parameter/optional
@@ -0,0 +1,5 @@
+name
+flavor
+version
+repo
+state
From 37a8b4af2b75ee19c76fe70855ea6941888469f8 Mon Sep 17 00:00:00 2001
From: Jake Guffey
Date: Wed, 10 Sep 2014 15:54:13 -0400
Subject: [PATCH 03/27] Minor fixes Fixed pkgng_exists explorer (can't reference $__global) Fixed logic in __package/pkgng_freebsd/gencode-remote Wasn't installing package if it already exists, but after explorer execution
---
cdist/conf/type/__package/explorer/pkgng_exists | 4 +++-
cdist/conf/type/__package_pkgng_freebsd/gencode-remote | 7 ++++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/cdist/conf/type/__package/explorer/pkgng_exists b/cdist/conf/type/__package/explorer/pkgng_exists
index 7c4f2256..d0919243 100755
--- a/cdist/conf/type/__package/explorer/pkgng_exists
+++ b/cdist/conf/type/__package/explorer/pkgng_exists
@@ -21,7 +21,9 @@
 # Retrieve the status of a package - parsed dpkg output
 #
-if [ "$(cat "$__global/explorer/os")" = "freebsd" ]; then
+# Can't access $__global/explorer/os from here, so recreate the functionality
+# because there's no point in executing this explorer on non-FreeBSD targets.
+if [ $(uname) = "FreeBSD" ]; then
 if command -v pkg >&-; then
 printf "pkg-ng installed"
 else
diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
index 36af987b..a7ae8b58 100755
--- a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
+++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
@@ -99,15 +99,20 @@ if [ -n "$curr_version" ]; then # PKG *is* installed
 if [ -n "$flavor" ]; then
 cmd="${cmd}-${flavor}"
 fi
+ # PKG is supposed to be removed
 if [ "$state" = "absent" ]; then
 execcmd "rm" "${cmd}"
- elif [ "$version" != "$curr_version" ]; then
+ # PKG is supposed to be installed to a particular version
+ elif [ -n "$version" ] && [ "$version" != "$curr_version" ]; then
 if [ "$upgrade" = "true" ]; then
 execcmd "upg" "${cmd}"
 else
 printf "Version %s is already installed and pkg-ng can't upgrade directly to version %s.\nTo upgrade to the latest version, use the --upgrade flag.\n" "$curr_version" "$version" >&2
 exit 1
 fi
+ # PKG is supposed to be installed to the latest version
+ else
+ : # Do nothing.
 fi
 else # PKG *isn't* installed
 if [ "$state" = "absent" ]; then # Shouldn't be installed
From 6eff4bb898a7ea7d8bcfd9cd23a3193f9fb6b80a Mon Sep 17 00:00:00 2001
From: Jake Guffey
Date: Wed, 17 Sep 2014 17:43:29 -0400
Subject: [PATCH 04/27] Implemented telmich's suggestions Using $($__explorer/os), command -v directly Fix spacing Fix copyright year
---
.../conf/type/__package/explorer/pkgng_exists | 10 ++-----
cdist/conf/type/__package/manifest | 3 +-
.../explorer/pkg_version | 2 +-
.../__package_pkgng_freebsd/gencode-remote | 30 +++++++++----------
4 files changed, 19 insertions(+), 26 deletions(-)
diff --git a/cdist/conf/type/__package/explorer/pkgng_exists b/cdist/conf/type/__package/explorer/pkgng_exists
index d0919243..355c5d65 100755
--- a/cdist/conf/type/__package/explorer/pkgng_exists
+++ b/cdist/conf/type/__package/explorer/pkgng_exists
@@ -21,13 +21,7 @@
 # Retrieve the status of a package - parsed dpkg output
 #
-# Can't access $__global/explorer/os from here, so recreate the functionality
-# because there's no point in executing this explorer on non-FreeBSD targets.
-if [ $(uname) = "FreeBSD" ]; then
- if command -v pkg >&-; then
- printf "pkg-ng installed"
- else
- printf "pkg-ng not found"
- fi
+if [ "$($__explorer/os)" = "freebsd" ]; then
+ command -v pkg
 fi
diff --git a/cdist/conf/type/__package/manifest b/cdist/conf/type/__package/manifest
index 2e085158..3e8928c0 100755
--- a/cdist/conf/type/__package/manifest
+++ b/cdist/conf/type/__package/manifest
@@ -34,8 +34,7 @@ else
 archlinux) type="pacman" ;;
 debian|ubuntu) type="apt" ;;
 freebsd)
- exists="$(cat "$__object/explorer/pkgng_exists")"
- if [ "$exists" = "pkg-ng installed" ]; then
+ if [ -n "$(cat "$__object/explorer/pkgng_exists")" ]; then
 type="pkgng_freebsd"
 else
 type="pkg_freebsd"
diff --git a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version
index fe940724..947857b9 100755
--- a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version
+++ b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2012 Jake Guffey (jake.guffey at eprotex.com)
+# 2014 Jake Guffey (jake.guffey at eprotex.com)
 #
 # This file is part of cdist.
 #
diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
index a7ae8b58..39965aca 100755
--- a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
+++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2012 Jake Guffey (jake.guffey at eprotex.com)
+# 2014 Jake Guffey (jake.guffey at eprotex.com)
 #
 # This file is part of cdist.
 #
@@ -26,27 +26,27 @@
 #set -x
 if [ -f "$__object/parameter/name" ]; then
- name="$(cat "$__object/parameter/name")"
+ name="$(cat "$__object/parameter/name")"
 else
- name="$__object_id"
+ name="$__object_id"
 fi
 if [ -f "$__object/parameter/flavor" ]; then
- flavor="$(cat "$__object/parameter/flavor")"
+ flavor="$(cat "$__object/parameter/flavor")"
 fi
 if [ -f "$__object/parameter/version" ]; then
- version="$(cat "$__object/parameter/version")"
+ version="$(cat "$__object/parameter/version")"
 fi
 if [ -f "$__object/parameter/upgrade" ]; then
- upgrade="true"
+ upgrade="true"
 else
 upgrade="false"
 fi
 if [ -f "$__object/parameter/repo" ]; then
- repo="$(cat "$__object/parameter/repo")"
+ repo="$(cat "$__object/parameter/repo")"
 fi
 if [ -f "$__object/parameter/state" ]; then
@@ -82,15 +82,15 @@ execcmd(){
 ;;
 esac
- echo "$_cmd 2>&- >&-" # Silence the output of the command
- echo "status=\$?"
- echo "if [ \"\$status\" -ne \"0\" ]; then"
- echo " echo \"Error: ${_cmd} exited nonzero with \$status\"'!' >&2"
- echo " exit 1"
- echo "fi"
+ echo "$_cmd 2>&- >&-" # Silence the output of the command
+ echo "status=\$?"
+ echo "if [ \"\$status\" -ne \"0\" ]; then"
+ echo " echo \"Error: ${_cmd} exited nonzero with \$status\"'!' >&2"
+ echo " exit 1"
+ echo "fi"
 }
-if [ -n "$curr_version" ]; then # PKG *is* installed
+if [ -n "$curr_version" ]; then # PKG *is* installed
 if [ -n "$repo" ]; then
 cmd="-r ${repo} ${name}"
 else
@@ -114,7 +114,7 @@ if [ -n "$curr_version" ]; then # PKG *is* installed
 else
 : # Do nothing.
 fi
-else # PKG *isn't* installed
+else # PKG *isn't* installed
 if [ "$state" = "absent" ]; then # Shouldn't be installed
 exit 0
 else # Should be installed
From ffd2935cc438e8e9ef7b7953f3d2201b2b2c7e5d Mon Sep 17 00:00:00 2001
From: Steven Armstrong
Date: Thu, 25 Sep 2014 16:16:15 +0200
Subject: [PATCH 05/27] complete rewrite - add support for authorized_keys options see sshd(8) - add support for explicit comment after key - do not allow a key to exist more then once in an authorized_keys file - remove all conflicting keys
Signed-off-by: Steven Armstrong
---
.../__ssh_authorized_keys/explorer/entries | 32 ++++++++++++++++
.../explorer/{passwd => file} | 12 ++++--
.../type/__ssh_authorized_keys/explorer/group | 3 +-
.../conf/type/__ssh_authorized_keys/man.text | 38 ++++++++++++++-----
.../conf/type/__ssh_authorized_keys/manifest | 34 +++++++----------
.../__ssh_authorized_keys/parameter/optional | 4 +-
6 files changed, 88 insertions(+), 35 deletions(-)
create mode 100755 cdist/conf/type/__ssh_authorized_keys/explorer/entries
rename cdist/conf/type/__ssh_authorized_keys/explorer/{passwd => file} (68%)
diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/entries b/cdist/conf/type/__ssh_authorized_keys/explorer/entries
new file mode 100755
index 00000000..04e25880
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/entries
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+# Find and sort any entries in the authorized_keys file that we care about
+
+file="$($__type_explorer/file)"
+
+(
+ while read key; do
+ # extract the keytype and base64 encoded key ignoring any options and comment
+ type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+ # emit any entries that match the type and key
+ grep ".*$type_and_key[ \n]" "$file"
+ done < "$__object/parameter/key"
+) | sort
diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/passwd b/cdist/conf/type/__ssh_authorized_keys/explorer/file
similarity index 68%
rename from cdist/conf/type/__ssh_authorized_keys/explorer/passwd
rename to cdist/conf/type/__ssh_authorized_keys/explorer/file
index e6352ee0..5a02721a 100755
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/passwd
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/file
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
 #
 # This file is part of cdist.
 #
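Review bot: The pattern in `grep ".*$type_and_key[ \n]" "$file"` misses or over-matches entries in two cases that matter for an authorized_keys file. Inside a bracket expression `\n` is a backslash and the letter n, not a newline, so an entry that ends right after the key (no comment) is never found and duplicates of it survive. When awk extracts nothing, for instance a key line whose type does not begin with `ssh-` or `ecdsa-`, the pattern shrinks to `.*[ \n]` and matches nearly every line in the file. Skipping empty extractions with `[ -n "$type_and_key" ] || continue` and matching with `grep -e "$type_and_key " -e "$type_and_key\$" "$file"` covers both; the same extraction and pattern are repeated in `__ssh_authorized_key/explorer/entry`, whose output that type's manifest uses to decide which lines to remove. `read key` should be `read -r key` so backslashes in a key line are kept.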
@@ -18,6 +18,10 @@
 # along with cdist. If not, see .
 #
-owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-
-getent passwd "$owner" || true
+if [ -f "$__object/parameter/file" ]; then
+ cat "$__object/parameter/file"
+else
+ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
+ home=$(getent passwd "$owner" | cut -d':' -f 6)
+ echo "$home/.ssh/authorized_keys"
+fi
diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/group b/cdist/conf/type/__ssh_authorized_keys/explorer/group
index cdea6fe7..72a4e314 100755
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/group
+++ b/cdist/conf/type/__ssh_authorized_keys/explorer/group
@@ -18,5 +18,6 @@
 # along with cdist. If not, see .
 #
-gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
+owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
+gid="$(getent passwd "$owner" | cut -d':' -f 4)"
 getent group "$gid" || true
diff --git a/cdist/conf/type/__ssh_authorized_keys/man.text b/cdist/conf/type/__ssh_authorized_keys/man.text
index 2e4202a7..d5523a6e 100644
--- a/cdist/conf/type/__ssh_authorized_keys/man.text
+++ b/cdist/conf/type/__ssh_authorized_keys/man.text
@@ -12,13 +12,13 @@ DESCRIPTION
 -----------
 Adds or removes ssh keys from a authorized_keys file.
-This type uses the __ssh_dot_ssh type to the directory containing
-the authorized_keys file.
-You can disable this feature with the --noparent boolean parameter.
+This type uses the __ssh_dot_ssh type to manage the directory containing
+the authorized_keys file. You can disable this feature with the --noparent
+boolean parameter.
 The existence, ownership and permissions of the authorized_keys file itself are
 also managed. This can be disabled with the --nofile boolean parameter. It is
-then left to the user to ensure that the file exists and that ownership and
+then left to the user to ensure that the file exists and that ownership and
 permissions work with ssh.
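Review bot: When `getent passwd "$owner"` returns nothing in the renamed `file` explorer, `home` is empty and the explorer prints `/.ssh/authorized_keys`. The guard that used to stop on an empty home directory is removed from `__ssh_authorized_keys/manifest` in this same commit (its first hunk), so the type would go on to manage a key file directly under `/`; on hosts where root's home directory is `/`, that path is root's own key file. Keeping the guard in the explorer's else branch restores the old behaviour: `[ -n "$home" ] || { echo "Failed to get home directory for $owner" >&2; exit 1; }`. If a failing explorer does not abort the run (not visible in this patch), the manifest should additionally reject an empty or `/.ssh/...` value.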
@@ -31,15 +31,23 @@ key::
 OPTIONAL PARAMETERS
 -------------------
+comment::
+ explicit comment instead of the one which may be trailing the given key
+
+file::
+ an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
+
+option::
+ an option to set for all created authorized_key entries.
+ Can be specified multiple times.
+ See sshd(8) for available options.
+
 owner::
 the user owning the authorized_keys file, defaults to object_id.
 state::
 if the given keys should be 'present' or 'absent', defaults to 'present'.
-file::
- an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
-
 BOOLEAN PARAMETERS
 ------------------
@@ -64,13 +72,24 @@ __ssh_authorized_keys root \
 __ssh_authorized_keys user-name \
 --key "ssh-rsa AXYZAAB3NzaC1yc2..."
+# allow key to login as user-name with options and expicit comment
+__ssh_authorized_keys user-name \
+ --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
+ --option no-agent-forwarding \
+ --option 'from="*.example.com"' \
+ --comment 'backup server'
+
 # same as above, but with explicit owner and two keys
+# note that the options are set for all given keys
 __ssh_authorized_keys some-fancy-id \
 --owner user-name \
 --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
- --key "ssh-rsa AZXYAAB3NzaC1yc2..."
+ --key "ssh-rsa AZXYAAB3NzaC1yc2..." \
+ --option no-agent-forwarding \
+ --option 'from="*.example.com"' \
+ --comment 'backup server'
-# same as above, but authorized_keys file in non standard location
+# authorized_keys file in non standard location
 __ssh_authorized_keys some-fancy-id \
 --file /etc/ssh/keys/user-name/authorized_keys \
 --owner user-name \
@@ -89,6 +108,7 @@ __ssh_authorized_keys some-fancy-id \
 SEE ALSO
 --------
 - cdist-type(7)
+- sshd(8)
 COPYING
diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest
index 5885ec77..0fcfed5b 100755
--- a/cdist/conf/type/__ssh_authorized_keys/manifest
+++ b/cdist/conf/type/__ssh_authorized_keys/manifest
@@ -21,16 +21,7 @@
 owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
 state="$(cat "$__object/parameter/state" 2>/dev/null)"
-if [ -f "$__object/parameter/file" ]; then
- file="$(cat "$__object/parameter/file")"
-else
- home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
- if [ -z "$home" ]; then
- echo "Failed to get home directory from explorer." >&2
- exit 1
- fi
- file="$home/.ssh/authorized_keys"
-fi
+file="$(cat "$__object/explorer/file")"
 if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; then
 group="$(cut -d':' -f 1 "$__object/explorer/group")"
@@ -50,6 +41,7 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
 --group "$group" \
 --mode 0600 \
 --state exists
+ export require="__file/$file"
 fi
 fi
@@ -63,22 +55,24 @@ __block "$__object_name" \
 --text - << DONE
 remove legacy block
 DONE
+export require="__block/$__object_name"
 _cksum() {
 echo "$1" | cksum | cut -d' ' -f 1
 }
 while read key; do
- cksum_key="$(_cksum "$key")"
- line_id="${owner}-${cksum_key}"
-
- set -- "$line_id"
+ type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+ object_id="$(_cksum "$file")-$(_cksum "$type_and_key")"
+ set -- "$object_id"
 set -- "$@" --file "$file"
- set -- "$@" --regex ".*$key.*"
- if [ "$state" = 'present' ]; then
- set -- "$@" --line "$key"
- fi
+ set -- "$@" --key "$key"
 set -- "$@" --state "$state"
- # Ensure __line does not read stdin
- require="__block/$__object_name" __line "$@" < /dev/null
+ if [ -f "$__object/parameter/option" ]; then
+ set -- "$@" --option "$(cat "$__object/parameter/option")"
+ fi
+ if [ -f "$__object/parameter/comment" ]; then
+ set -- "$@" --comment "$(cat "$__object/parameter/comment")"
+ fi
+ __ssh_authorized_key "$@"
 done < "$__object/parameter/key"
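Review bot: In the third hunk, `set -- "$@" --option "$(cat "$__object/parameter/option")"` forwards the whole option file as a single value, while this commit adds `option` to `parameter/optional` rather than to an `optional_multiple` file even though man.text documents it as repeatable and passes two `--option` flags in its examples. If cdist keeps only one value for a parameter declared in `optional` (not visible in this patch), a restriction such as `no-agent-forwarding` or `from=` would be dropped from the written entry without any error. Declaring `option` in `parameter/optional_multiple` and forwarding one flag per line matches the documentation: `while read -r opt; do set -- "$@" --option "$opt"; done < "$__object/parameter/option"`. The object id built from `_cksum "$type_and_key"` is also identical for every key line from which awk extracts nothing, so a check such as `[ -n "$type_and_key" ] || { echo "Unparsable key: $key" >&2; exit 1; }` before it is worth adding.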
diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional b/cdist/conf/type/__ssh_authorized_keys/parameter/optional
index 989750b3..21f9bc29 100644
--- a/cdist/conf/type/__ssh_authorized_keys/parameter/optional
+++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional
@@ -1,3 +1,5 @@
+comment
+file
+option
 owner
 state
-file
From 68586a0c3dd6c45568901dc48458f76de451322f Mon Sep 17 00:00:00 2001
From: Steven Armstrong
Date: Thu, 25 Sep 2014 16:23:38 +0200
Subject: [PATCH 06/27] new type to manage a single ssh authorized_key entry
Signed-off-by: Steven Armstrong
---
.../type/__ssh_authorized_key/explorer/entry | 26 +++++++
cdist/conf/type/__ssh_authorized_key/man.text | 67 +++++++++++++++++
cdist/conf/type/__ssh_authorized_key/manifest | 75 +++++++++++++++++++
.../parameter/default/state | 1 +
.../__ssh_authorized_key/parameter/optional | 2 +
.../parameter/optional_multiple | 1 +
.../__ssh_authorized_key/parameter/required | 2 +
7 files changed, 174 insertions(+)
create mode 100755 cdist/conf/type/__ssh_authorized_key/explorer/entry
create mode 100644 cdist/conf/type/__ssh_authorized_key/man.text
create mode 100755 cdist/conf/type/__ssh_authorized_key/manifest
create mode 100644 cdist/conf/type/__ssh_authorized_key/parameter/default/state
create mode 100644 cdist/conf/type/__ssh_authorized_key/parameter/optional
create mode 100644 cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple
create mode 100644 cdist/conf/type/__ssh_authorized_key/parameter/required
diff --git a/cdist/conf/type/__ssh_authorized_key/explorer/entry b/cdist/conf/type/__ssh_authorized_key/explorer/entry
new file mode 100755
index 00000000..78031ab5
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/explorer/entry
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+# extract the keytype and base64 encoded key ignoring any options and comment
+type_and_key="$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+file="$(cat $__object/parameter/file)"
+
+# get any entries that match the type and key
+grep ".*$type_and_key[ \n]" "$file" || true
diff --git a/cdist/conf/type/__ssh_authorized_key/man.text b/cdist/conf/type/__ssh_authorized_key/man.text
new file mode 100644
index 00000000..b519222c
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/man.text
@@ -0,0 +1,67 @@
+cdist-type__ssh_authorized_key(7)
+=================================
+Steven Armstrong
+
+
+NAME
+----
+cdist-type__ssh_authorized_key - manage a single ssh authorized key entry
+
+
+DESCRIPTION
+-----------
+Manage a single authorized key entry in an authorized_key file.
+This type was created to be used by the __ssh_authorized_keys type.
+
+
+REQUIRED PARAMETERS
+-------------------
+file::
+ the authorized_keys file to which the given key should be added
+
+key::
+ a string containing the ssh keytype, base 64 encoded key and optional
+ trailing comment which shall be added to the given authorized_keys file.
+
+
+OPTIONAL PARAMETERS
+-------------------
+comment::
+ explicit comment instead of the one which may be trailing the given key
+
+option::
+ an option to set for this authorized_key entry.
+ Can be specified multiple times.
+ See sshd(8) for available options.
+
+state::
+ if the given keys should be 'present' or 'absent', defaults to 'present'.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+__ssh_authorized_key some-id \
+ --file "/home/user/.ssh/autorized_keys" \
+ --key "$(cat ~/.ssh/id_rsa.pub)"
+
+__ssh_authorized_key some-id \
+ --file "/home/user/.ssh/autorized_keys" \
+ --key "$(cat ~/.ssh/id_rsa.pub)" \
+ --option 'command="/path/to/script"' \
+ --option 'environment="FOO=bar"' \
+ --comment 'one to rule them all'
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist__ssh_authorized_keys(7)
+- sshd(8)
+
+COPYING
+-------
+Copyright \(C) 2014 Steven Armstrong. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/cdist/conf/type/__ssh_authorized_key/manifest b/cdist/conf/type/__ssh_authorized_key/manifest
new file mode 100755
index 00000000..eb7ae859
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/manifest
@@ -0,0 +1,75 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +file="$(cat "$__object/parameter/file")" +state="$(cat "$__object/parameter/state")" +mkdir "$__object/files" + +_cksum() { + echo "$1" | cksum | cut -d' ' -f 1 +} + +_do_line() { + file="$1" + line="$2" + state="$3" + line_id="$(_cksum "$file")-$(_cksum "$line")" + + set -- "$line_id" + set -- "$@" --file "$file" + set -- "$@" --line "$line" + set -- "$@" --state "$state" + # Ensure __line does not read stdin + __line "$@" < /dev/null +} + +# Generate the entry as it should be +( + if [ -f "$__object/parameter/option" ]; then + options="$(cat "$__object/parameter/option" | tr '\n' ',')" + printf '%s ' "${options%*,}" + fi + if [ -f "$__object/parameter/comment" ]; then + # extract the keytype and base64 encoded key ignoring any options and comment + printf '%s ' "$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" + # override the comment with the one explicitly given + printf '%s' "$(cat "$__object/parameter/comment")" + else + printf '%s' "$(cat "$__object/parameter/key")" + fi +) > "$__object/files/should" + +# Check for existing and conflicting entries and remove them +if [ -s "$__object/explorer/entry" ]; then + # We have existing entries for this key. 
+ # Check if any of them are in conflict to how the entry should be. + # Note that the file has to be sorted for comparison with `comm`. + sort "$__object/explorer/entry" > "$__object/files/is" + comm -13 "$__object/files/should" "$__object/files/is" | { + # Remove conflicting entries + while read entry; do + _do_line "$file" "$entry" absent + done + } +fi + +# Manage the actual entry as it should be +entry="$(cat "$__object/files/should")" +_do_line "$file" "$entry" "$state" diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/default/state b/cdist/conf/type/__ssh_authorized_key/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/optional b/cdist/conf/type/__ssh_authorized_key/parameter/optional new file mode 100644 index 00000000..89e8d966 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/optional @@ -0,0 +1,2 @@ +comment +state diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple b/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple new file mode 100644 index 00000000..01925a15 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple @@ -0,0 +1 @@ +option diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/required b/cdist/conf/type/__ssh_authorized_key/parameter/required new file mode 100644 index 00000000..d51426c3 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/required @@ -0,0 +1,2 @@ +file +key From eed058426a1ec1fc4dce68af2cb1cd3775c2a272 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 25 Sep 2014 16:35:19 +0200 Subject: [PATCH 07/27] fix that stupid stdin is truncated bug again Signed-off-by: Steven Armstrong --- cdist/conf/type/__ssh_authorized_keys/manifest | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
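Review bot: The loop `while read entry; do` in the "Remove conflicting entries" block reads authorized_keys lines without `-r` and with default `IFS`, so a backslash inside an option value (for example in a quoted `command="..."`) is consumed and leading whitespace is stripped. The text handed to `_do_line "$file" "$entry" absent` then no longer equals the line in the file, and the conflicting entry would stay in place. `while IFS= read -r entry; do` keeps each line intact. The same loop is carried over unchanged into gencode-remote by PATCH 08.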
diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest index 0fcfed5b..6a536e1b 100755 --- a/cdist/conf/type/__ssh_authorized_keys/manifest +++ b/cdist/conf/type/__ssh_authorized_keys/manifest @@ -74,5 +74,6 @@ while read key; do if [ -f "$__object/parameter/comment" ]; then set -- "$@" --comment "$(cat "$__object/parameter/comment")" fi - __ssh_authorized_key "$@" + # Ensure __ssh_authorized_key does not read stdin + __ssh_authorized_key "$@" < /dev/null done < "$__object/parameter/key" From b17a1f0edbfc189c0eac47e94a08f763a2405834 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Sat, 27 Sep 2014 11:40:06 +0200 Subject: [PATCH 08/27] removing and adding keys must be atomic If we delegate this to multiple seprarate objects (e.g. using __line) and the config run is interrupted after applying only some of them we may leave the target in some random state. We may have even locked ourself out of the target. So remove and add keys ourself so either none are all changes are applied. Signed-off-by: Steven Armstrong --- .../{manifest => gencode-remote} | 72 ++++++++++++------- 1 file changed, 47 insertions(+), 25 deletions(-) rename cdist/conf/type/__ssh_authorized_key/{manifest => gencode-remote} (63%) diff --git a/cdist/conf/type/__ssh_authorized_key/manifest b/cdist/conf/type/__ssh_authorized_key/gencode-remote similarity index 63% rename from cdist/conf/type/__ssh_authorized_key/manifest rename to cdist/conf/type/__ssh_authorized_key/gencode-remote index eb7ae859..478826db 100755 --- a/cdist/conf/type/__ssh_authorized_key/manifest +++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote 
@@ -18,31 +18,36 @@ # along with cdist. If not, see . # -file="$(cat "$__object/parameter/file")" -state="$(cat "$__object/parameter/state")" -mkdir "$__object/files" - -_cksum() { - echo "$1" | cksum | cut -d' ' -f 1 -} - -_do_line() { +remove_line() { file="$1" line="$2" - state="$3" - line_id="$(_cksum "$file")-$(_cksum "$line")" - - set -- "$line_id" - set -- "$@" --file "$file" - set -- "$@" --line "$line" - set -- "$@" --state "$state" - # Ensure __line does not read stdin - __line "$@" < /dev/null + cat << DONE +tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) +# preserve ownership and permissions of existing file +if [ -f "$file" ]; then + cp -p "$file" "\$tmpfile" +fi +grep -v -F -x '$line' '$file' > \$tmpfile || true +mv -f "\$tmpfile" "$file" +DONE } +add_line() { + file="$1" + line="$2" + # escape single quotes + line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g") + printf '%s' "printf '%s\n' '$line_sanitised' >> $file" +} + + +file="$(cat "$__object/parameter/file")" +mkdir "$__object/files" + # Generate the entry as it should be ( if [ -f "$__object/parameter/option" ]; then + # comma seperated list of options options="$(cat "$__object/parameter/option" | tr '\n' ',')" printf '%s ' "${options%*,}" fi 
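Review bot: `remove_line` pastes `$line` and `$file` into the generated script inside single quotes without escaping (`grep -v -F -x '$line' '$file' > \$tmpfile`), whereas `add_line` directly below escapes single quotes first. The lines passed to `remove_line` in the second hunk come from `$__object/explorer/entry`, which appears to hold lines read from the authorized_keys file on the target, so an entry containing a single quote ends the quoted string and the remainder is parsed as shell by the account that runs the generated code. Apply the same escaping before the here-document, `line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g")`, and emit `'$line_sanitised'`. The path should be quoted as well in `mktemp ${file}.cdist.XXXXXXXXXX`, in `> \$tmpfile`, and in the `>> $file` that `add_line` prints.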
@@ -56,20 +61,37 @@ _do_line() { fi ) > "$__object/files/should" -# Check for existing and conflicting entries and remove them +# Remove conflicting entries if any if [ -s "$__object/explorer/entry" ]; then - # We have existing entries for this key. - # Check if any of them are in conflict to how the entry should be. - # Note that the file has to be sorted for comparison with `comm`. + # Note that the files have to be sorted for comparison with `comm`. sort "$__object/explorer/entry" > "$__object/files/is" comm -13 "$__object/files/should" "$__object/files/is" | { - # Remove conflicting entries while read entry; do - _do_line "$file" "$entry" absent + remove_line "$file" "$entry" done } fi +# Determine the current state +state_should="$(cat "$__object/parameter/state")" +if grep -q -F -x "$entry" "$__object/explorer/entry"; then + state_is="present" +else + state_is="absent" +fi + # Manage the actual entry as it should be +if [ "$state_should" = "$state_is" ]; then + # Nothing to do + exit 0 +fi + entry="$(cat "$__object/files/should")" -_do_line "$file" "$entry" "$state" +case "$state_should" in + present) + add_line "$file" "$entry" + ;; + absent) + remove_line "$file" "$entry" + ;; +esac From 4125dfaab000ec1d5edd9b73c9caf3343e051d3d Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Mon, 29 Sep 2014 10:46:00 +0200 Subject: [PATCH 09/27] them files should end in newline stupid Signed-off-by: Steven Armstrong --- cdist/conf/type/__ssh_authorized_key/gencode-remote | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/conf/type/__ssh_authorized_key/gencode-remote b/cdist/conf/type/__ssh_authorized_key/gencode-remote index 478826db..7224f039 100755 --- a/cdist/conf/type/__ssh_authorized_key/gencode-remote +++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote @@ -59,6 +59,7 @@ mkdir "$__object/files" else printf '%s' "$(cat "$__object/parameter/key")" fi + printf '\n' ) > "$__object/files/should" # Remove conflicting entries if any 
From 4c52b10f936e7aab0791ce37d51ed65a3f7332b2 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Mon, 29 Sep 2014 10:57:27 +0200 Subject: [PATCH 10/27] maybe better define variable _before_ using it Signed-off-by: Steven Armstrong --- cdist/conf/type/__ssh_authorized_key/gencode-remote | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__ssh_authorized_key/gencode-remote b/cdist/conf/type/__ssh_authorized_key/gencode-remote index 7224f039..8a5276b8 100755 --- a/cdist/conf/type/__ssh_authorized_key/gencode-remote +++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote @@ -18,6 +18,8 @@ # along with cdist. If not, see . # +set -u + remove_line() { file="$1" line="$2" @@ -74,6 +76,7 @@ if [ -s "$__object/explorer/entry" ]; then fi # Determine the current state +entry="$(cat "$__object/files/should")" state_should="$(cat "$__object/parameter/state")" if grep -q -F -x "$entry" "$__object/explorer/entry"; then state_is="present" @@ -87,7 +90,6 @@ if [ "$state_should" = "$state_is" ]; then exit 0 fi -entry="$(cat "$__object/files/should")" case "$state_should" in present) add_line "$file" "$entry" From a3ac99a6c8f25281b85a15ae390c13f4e7651ca2 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 29 Sep 2014 11:16:13 +0200 Subject: [PATCH 11/27] ++changes Signed-off-by: Nico Schottelius --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index bec1ceed..2e1e41e3 100644 --- a/docs/changelog +++ b/docs/changelog @@ -8,6 +8,7 @@ Changelog 3.1.7: * Type __cdistmarker: Fix typo (Ricardo Catalinas Jiménez) * Core: Bugfix: Export messaging to manifests (Ricardo Catalinas Jiménez) + * Explorer cpu_cores, cpu_sockets, memory: Add Mac OS X support (Manuel Hutter) 3.1.6: 2014-08-18 * New Type: __ssh_dot_ssh From 41782cb10719d04b0650f2b51e86e3adef8fdea0 Mon Sep 17 00:00:00 2001 
From: Steven Armstrong Date: Mon, 29 Sep 2014 14:47:25 +0200 Subject: [PATCH 12/27] workaround special case where the desired key was already present more then once in target file Signed-off-by: Steven Armstrong --- cdist/conf/type/__ssh_authorized_key/gencode-remote | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__ssh_authorized_key/gencode-remote b/cdist/conf/type/__ssh_authorized_key/gencode-remote index 8a5276b8..62c79ed2 100755 --- a/cdist/conf/type/__ssh_authorized_key/gencode-remote +++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote @@ -78,9 +78,18 @@ fi # Determine the current state entry="$(cat "$__object/files/should")" state_should="$(cat "$__object/parameter/state")" -if grep -q -F -x "$entry" "$__object/explorer/entry"; then +num_existing_entries=$(grep -c -F -x "$entry" "$__object/explorer/entry") +if [ $num_existing_entries -eq 1 ]; then state_is="present" else + # Posix grep does not define the -m option, so we can not remove a single + # occurence of a string from a file in the `remove_line` function. Instead + # _all_ occurences are removed. + # By using `comm` to detect conflicting entries this could lead to the + # situation that the key we want to add is actually removed. + # To workaround this we must treat 0 or more then 1 existing entries to + # mean current state is 'absent'. By doing this, the key is readded + # again after cleaning up conflicting entries. state_is="absent" fi From c70834eaff5bbad1173d30ca2cf8c6df47efd7c9 Mon Sep 17 00:00:00 2001 
From: Daniel Heule Date: Mon, 29 Sep 2014 17:28:45 +0200 Subject: [PATCH 13/27] implemented some sugestions from nico --- .../conf/type/__package_emerge/gencode-remote | 25 ++++++++----------- .../__package_emerge/parameter/default/state | 1 + .../parameter/default/version | 0 3 files changed, 12 insertions(+), 14 deletions(-) create mode 100644 cdist/conf/type/__package_emerge/parameter/default/state create mode 100644 cdist/conf/type/__package_emerge/parameter/default/version diff --git a/cdist/conf/type/__package_emerge/gencode-remote b/cdist/conf/type/__package_emerge/gencode-remote index f72d982a..1199fc72 100644 --- a/cdist/conf/type/__package_emerge/gencode-remote +++ b/cdist/conf/type/__package_emerge/gencode-remote 
@@ -27,36 +27,32 @@ else name="$__object_id" fi -if [ -f "$__object/parameter/state" ]; then - state_should="$(cat "$__object/parameter/state")" -else - state_should="present" -fi +state_should="$(cat "$__object/parameter/state")" -if [ -f "$__object/parameter/version" ]; then - version="$(cat "$__object/parameter/version")" -else - version="" -fi +version="$(cat "$__object/parameter/version")" -if [ ! -z "$version" ]; then +if [ -n "$version" ]; then name="=$name-$version" fi pkg_version="$(cat "$__object/explorer/pkg_version")" if [ -z "$pkg_version" ]; then state_is="absent" -elif [ ! -z "$version" -a $(echo "$pkg_version" | wc -l) -gt 1 ]; then +elif [ -z "$version" -a $(echo "$pkg_version" | wc -l) -gt 1 ]; then echo "Package name is not unique! The following packages are installed:" echo "$pkg_version" exit 1 -elif [ -z "$version" -a $(echo "$pkg_version" | cut -d " " -f 1 | sort | uniq | wc -l) -gt 1 ]; then +elif [ -n "$version" -a $(echo "$pkg_version" | cut -d " " -f 1 | sort | uniq | wc -l) -gt 1 ]; then echo "Package name is not unique! The following packages are installed:" echo "$pkg_version" exit 1 else state_is="present" - installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | tail -n 1)" + if [ -n "$version" ] && echo "$pkg_version" | cut -d " " -f 2 | grep -q -x "$version"; then + installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | grep -x "$version")" + else + installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | tail -n 1)" + fi fi @@ -64,6 +60,7 @@ fi [ "$state_is" = "$state_should" ] && ( [ -z "$version" ] || [ "$installed_version" = "$version" ] ) && exit 0 [ "$state_should" = "absent" ] && [ ! -z "$version" ] && [ "$installed_version" != "$version" ] && exit 0 + case "$state_should" in present) echo "emerge \"$name\" &>/dev/null || exit 1" diff --git a/cdist/conf/type/__package_emerge/parameter/default/state b/cdist/conf/type/__package_emerge/parameter/default/state new file mode 100644 index 00000000..e7f6134f 
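Review bot: `grep -q -x "$version"` and the `grep -x "$version"` on the following line treat the requested version as a regular expression, so each dot in a version such as a constructed `1.2.3` matches any character and a different installed version can be accepted as the requested one. Adding `-F` makes the comparison literal: `grep -q -F -x "$version"`. Separately, the two `elif` guards now pair `-z "$version"` with the raw line count and `-n "$version"` with the unique-name count, the reverse of the previous revision. If that swap is intended, a one-line comment above each guard stating which case it rejects would make it reviewable.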
--- /dev/null +++ b/cdist/conf/type/__package_emerge/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__package_emerge/parameter/default/version b/cdist/conf/type/__package_emerge/parameter/default/version new file mode 100644 index 00000000..e69de29b From 2ec357c45474439c676cd44539fcbd3f167ca6a1 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 29 Sep 2014 21:15:56 +0200 Subject: [PATCH 14/27] ++changes Signed-off-by: Nico Schottelius --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 2e1e41e3..5316bb7b 100644 --- a/docs/changelog +++ b/docs/changelog @@ -9,6 +9,8 @@ Changelog * Type __cdistmarker: Fix typo (Ricardo Catalinas Jiménez) * Core: Bugfix: Export messaging to manifests (Ricardo Catalinas Jiménez) * Explorer cpu_cores, cpu_sockets, memory: Add Mac OS X support (Manuel Hutter) + * Type __ssh_authorized_keys: Ensure keys are correctly added (Steven Armstrong) + * New Type: __ssh_authorized_key (Steven Armstrong) 3.1.6: 2014-08-18 * New Type: __ssh_dot_ssh From ba32c2d5943ffca204456aa890c28e8682aa0ef5 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 29 Sep 2014 21:20:16 +0200 Subject: [PATCH 15/27] +__package_pkgng_freebsd Signed-off-by: Nico Schottelius --- docs/changelog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/changelog b/docs/changelog index 5316bb7b..b75fff18 100644 --- a/docs/changelog +++ b/docs/changelog 
@@ -5,13 +5,14 @@ Changelog * Exception: No braces means author == Nico Schottelius -3.1.7: +3.1.7: 2014-09-29 * Type __cdistmarker: Fix typo (Ricardo Catalinas Jiménez) * Core: Bugfix: Export messaging to manifests (Ricardo Catalinas Jiménez) * Explorer cpu_cores, cpu_sockets, memory: Add Mac OS X support (Manuel Hutter) * Type __ssh_authorized_keys: Ensure keys are correctly added (Steven Armstrong) * New Type: __ssh_authorized_key (Steven Armstrong) - + * New Type: __package_pkgng_freebsd (Jake Guffey) + 3.1.6: 2014-08-18 * New Type: __ssh_dot_ssh * Type __package_yum: Support retrieving package via URL From 896e8875115f8f534ac0279a5024999d9b2f2bd1 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 29 Sep 2014 21:26:07 +0200 Subject: [PATCH 16/27] use mkaurball instead of makepkg Signed-off-by: Nico Schottelius --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 396551fb..5c366783 100644 --- a/Makefile +++ b/Makefile @@ -186,7 +186,7 @@ ARCHLINUX_FILE=.lock-archlinux ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz $(ARCHLINUXTAR): PKGBUILD - umask 022; makepkg -c --source + umask 022; mkaurball PKGBUILD: PKGBUILD.in $(PYTHON_VERSION) ./PKGBUILD.in $(CHANGELOG_VERSION) From fd6b90a7364a7f60bf30519bbb0cef1cb43f223b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Catalinas=20Jim=C3=A9nez?= Date: Sun, 21 Sep 2014 17:02:01 +0100 Subject: [PATCH 17/27] Cosmetic --- cdist/conf/type/__apt_update_index/man.text | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__apt_update_index/man.text b/cdist/conf/type/__apt_update_index/man.text index 778af508..628292dc 100644 --- a/cdist/conf/type/__apt_update_index/man.text +++ b/cdist/conf/type/__apt_update_index/man.text @@ -5,7 +5,7 @@ Steven Armstrong NAME ---- -cdist-type__apt_update_index - update apt's package index +cdist-type__apt_update_index - Update apt's package index DESCRIPTION 
From ff880b4287832da009aaf5648a7543e8df7374cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Catalinas=20Jim=C3=A9nez?= Date: Sun, 21 Sep 2014 17:02:26 +0100 Subject: [PATCH 18/27] Fix comment --- cdist/conf/type/__package/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__package/manifest b/cdist/conf/type/__package/manifest index 3e8928c0..25e43b30 100755 --- a/cdist/conf/type/__package/manifest +++ b/cdist/conf/type/__package/manifest @@ -19,7 +19,7 @@ # # # __package is an abstract type which dispatches to the lower level -# __package_$name types which do the actual interaction with the packaging +# __package_$type types which do the actual interaction with the packaging # system. # From e1c45e11fc7f1cafd4493b4bb540a50fca4e14b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Catalinas=20Jim=C3=A9nez?= Date: Sun, 21 Sep 2014 17:02:56 +0100 Subject: [PATCH 19/27] Fix style typos in type's doc --- docs/man/man7/cdist-type.text | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/man/man7/cdist-type.text b/docs/man/man7/cdist-type.text index 323fc130..71d04ab3 100644 --- a/docs/man/man7/cdist-type.text +++ b/docs/man/man7/cdist-type.text @@ -100,7 +100,7 @@ echo use_ssl >> cdist/conf/type/__nginx_vhost/parameter/boolean USING PARAMETERS ---------------- The parameters given to a type can be accessed and used in all type scripts -(e.g manifest, gencode-*, explorer/*). Note that boolean parameters are +(e.g manifest, gencode, explorer). Note that boolean parameters are represented by file existence. File exists -> True, file does not exist -> False 
@@ -281,7 +281,7 @@ on the target, there must be another type that provides this tool and the first type should create an object of the specific type. If your type wants to save temporary data, that may be used by other types -later on (for instance __file), you can save them in the subdirectory +later on (for instance \__file), you can save them in the subdirectory "files" below $__object (but you must create it yourself). cdist will not touch this directory. From 9184c310f21ff94c3f3ccac2e5876bc88e4946f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Catalinas=20Jim=C3=A9nez?= Date: Sun, 21 Sep 2014 17:26:31 +0100 Subject: [PATCH 20/27] Fix formatting of manifest doc --- docs/man/man7/cdist-manifest.text | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/man/man7/cdist-manifest.text b/docs/man/man7/cdist-manifest.text index 96346c08..73e480ea 100644 --- a/docs/man/man7/cdist-manifest.text +++ b/docs/man/man7/cdist-manifest.text @@ -110,6 +110,7 @@ setup the variable "require" to contain the requirements. Multiple requirements can be added white space separated. -------------------------------------------------------------------------------- + 1 # No dependency 2 __file /etc/cdist-configured 3 
@@ -121,19 +122,18 @@ requirements can be added white space separated. 9 require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \ 10 __file /tmp/cdist-another-testfile - -------------------------------------------------------------------------------- Above the "require" variable is only set for the command that is immediately following it. Dependencies should allways be declared that way. -On line 4 you can see that the instantion of a type "__link" object needs +On line 4 you can see that the instantion of a type "\__link" object needs the object "__file/etc/cdist-configured" to be present, before it can proceed. -This also means that the "__link" command must make sure, that either -"__file/etc/cdist-configured" allready is present, or, if it's not, it needs +This also means that the "\__link" command must make sure, that either +"\__file/etc/cdist-configured" allready is present, or, if it's not, it needs to be created. The task of cdist is to make sure, that the dependency will be -resolved appropriately and thus "__file/etc/cdist-configured" be created +resolved appropriately and thus "\__file/etc/cdist-configured" be created if necessary before "__link" proceeds (or to abort execution with an error). All objects that are created in a type manifest are automatically required From 3e7c804fe5c755285046b40ce9d3965bbf095e79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Catalinas=20Jim=C3=A9nez?= Date: Sun, 21 Sep 2014 17:59:38 +0100 Subject: [PATCH 21/27] Explain in the doc how to create a global dependency --- docs/man/man7/cdist-manifest.text | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/docs/man/man7/cdist-manifest.text b/docs/man/man7/cdist-manifest.text index 73e480ea..80df5410 100644 --- a/docs/man/man7/cdist-manifest.text +++ b/docs/man/man7/cdist-manifest.text 
@@ -125,7 +125,7 @@ requirements can be added white space separated. -------------------------------------------------------------------------------- Above the "require" variable is only set for the command that is -immediately following it. Dependencies should allways be declared that way. +immediately following it. Dependencies should always be declared that way. On line 4 you can see that the instantion of a type "\__link" object needs the object "__file/etc/cdist-configured" to be present, before it can proceed. 
@@ -136,6 +136,29 @@ to be created. The task of cdist is to make sure, that the dependency will be resolved appropriately and thus "\__file/etc/cdist-configured" be created if necessary before "__link" proceeds (or to abort execution with an error). +If you really need to make all types depend on a common dependency, you can +export the "require" variable as well. But then, if you need to add extra +dependencies to a specific type, you have to make sure that you append these +to the globally already defined one. + +-------------------------------------------------------------------------------- + +# First of all, update the package index +__package_update_index +# Upgrade all the installed packages afterwards +require="__package_update_index" __package_upgrade_all +# Create a common dependency for all the next types so that they get to +# be executed only after the package upgrade has finished +export require="__package_upgrade_all" + +# Ensure that lighttpd is installed after we have upgraded all the packages +__package lighttpd --state present +# Ensure that munin is installed after lighttpd is present and after all +# the packages are upgraded +require="$require __package/lighttpd" __package munin --state present + +-------------------------------------------------------------------------------- + All objects that are created in a type manifest are automatically required from the type that is calling them. This is called "autorequirement" in cdist jargon. From 81bd4c33380b7ce63df05614098e44ffeacbcfb6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ricardo=20Catalinas=20Jim=C3=A9nez?= Date: Sun, 21 Sep 2014 17:01:15 +0100 Subject: [PATCH 22/27] Add types __package_{update_index,upgrade_all} --- .../__package_update_index/gencode-remote | 49 +++++++++++++++ .../conf/type/__package_update_index/man.text | 52 ++++++++++++++++ .../__package_update_index/parameter/optional | 1 + .../type/__package_update_index/singleton | 0 .../type/__package_upgrade_all/gencode-remote | 59 +++++++++++++++++++ .../conf/type/__package_upgrade_all/man.text | 52 ++++++++++++++++ .../__package_upgrade_all/parameter/optional | 1 + .../conf/type/__package_upgrade_all/singleton | 0 8 files changed, 214 insertions(+) create mode 100755 cdist/conf/type/__package_update_index/gencode-remote create mode 100644 cdist/conf/type/__package_update_index/man.text create mode 100644 cdist/conf/type/__package_update_index/parameter/optional create mode 100644 cdist/conf/type/__package_update_index/singleton create mode 100755 cdist/conf/type/__package_upgrade_all/gencode-remote create mode 100644 cdist/conf/type/__package_upgrade_all/man.text create mode 100644 cdist/conf/type/__package_upgrade_all/parameter/optional create mode 100644 cdist/conf/type/__package_upgrade_all/singleton diff --git a/cdist/conf/type/__package_update_index/gencode-remote b/cdist/conf/type/__package_update_index/gencode-remote new file mode 100755 index 00000000..a120121d --- /dev/null +++ b/cdist/conf/type/__package_update_index/gencode-remote 
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# Update the package index with the appropriate package manager
+#
+
+type="$__object/parameter/type"
+if [ -f "$type" ]; then
+ type="$(cat "$type")"
+else
+ # By default determine package manager based on operating system
+ os="$(cat "$__global/explorer/os")"
+ case "$os" in
+ amazon|centos|fedora|redhat) type="yum" ;;
+ debian|ubuntu) type="apt" ;;
+ archlinux) type="pacman" ;;
+ *)
+ echo "Don't know how to manage packages on: $os" >&2
+ exit 1
+ ;;
+ esac
+fi
+
+case "$type" in
+ yum) ;;
+ apt) echo "apt-get update" ;;
+ pacman) echo "pacman --sync --refresh" ;;
+ *)
+ echo "Don't know how to manage packages on: $os" >&2
+ exit 1
+ ;;
+esac
diff --git a/cdist/conf/type/__package_update_index/man.text b/cdist/conf/type/__package_update_index/man.text
new file mode 100644
index 00000000..6435e51d
--- /dev/null
+++ b/cdist/conf/type/__package_update_index/man.text
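Review bot: The fallback arm of the second `case "$type"` prints `$os`, but `os` is assigned only in the `else` branch, so when an explicit `--type` is given the message ends in an empty value and never names the type that was rejected. Report the value that was actually tested instead: `echo "Don't know how to manage packages for type: $type" >&2`. The identical arm in __package_upgrade_all/gencode-remote, added by the same patch, has the same problem.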
@@ -0,0 +1,52 @@ +cdist-type__package_update_index(7) +=================================== +Ricardo Catalinas Jiménez + + +NAME +---- +cdist-type__package_update_index - Update the package index + + +DESCRIPTION +----------- +This cdist type allows you to update the package index on the target. +It will automatically use the appropriate package manager. + + +REQUIRED PARAMETERS +------------------- +None + + +OPTIONAL PARAMETERS +------------------- +type:: + The package manager to use. Default is determined based on the $os + explorer variable. + e.g. apt for Debian + yum for Red Hat + pacman for Arch Linux + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Update the package index on the target +__package_update_index + +# Force use of a specific package manager +__package_update_index --type apt +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__package_update_index/parameter/optional b/cdist/conf/type/__package_update_index/parameter/optional new file mode 100644 index 00000000..aa80e646 --- /dev/null +++ b/cdist/conf/type/__package_update_index/parameter/optional @@ -0,0 +1 @@ +type diff --git a/cdist/conf/type/__package_update_index/singleton b/cdist/conf/type/__package_update_index/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__package_upgrade_all/gencode-remote b/cdist/conf/type/__package_upgrade_all/gencode-remote new file mode 100755 index 00000000..09404af9 --- /dev/null +++ b/cdist/conf/type/__package_upgrade_all/gencode-remote 
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# Upgrade all the already installed packages with the appropriate package
+# manager
+#
+
+type="$__object/parameter/type"
+if [ -f "$type" ]; then
+ type="$(cat "$type")"
+else
+ # By default determine package manager based on operating system
+ os="$(cat "$__global/explorer/os")"
+ case "$os" in
+ amazon|centos|fedora|redhat) type="yum" ;;
+ debian|ubuntu) type="apt" ;;
+ archlinux) type="pacman" ;;
+ *)
+ echo "Don't know how to manage packages on: $os" >&2
+ exit 1
+ ;;
+ esac
+fi
+
+case "$type" in
+ yum)
+ echo "yum --assumeyes update"
+ echo "yum clean all"
+ ;;
+ apt)
+ echo "apt-get --yes dist-upgrade"
+ echo "apt-get autoclean"
+ ;;
+ pacman)
+ echo "pacman --noconfirm --sync --sysupgrade"
+ echo "pacman --noconfirm --sync --clean"
+ ;;
+ *)
+ echo "Don't know how to manage packages on: $os" >&2
+ exit 1
+ ;;
+esac
diff --git a/cdist/conf/type/__package_upgrade_all/man.text b/cdist/conf/type/__package_upgrade_all/man.text
new file mode 100644
index 00000000..6d3e1338
--- /dev/null
+++ b/cdist/conf/type/__package_upgrade_all/man.text
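Review bot: The `apt)` arm emits `apt-get --yes dist-upgrade` without selecting a non-interactive frontend, and `--yes` does not answer dpkg conffile or debconf questions. On an unattended run the upgrade may therefore stop or fail part-way at such a prompt and leave packages half-configured; this is worth confirming on a target with a locally modified conffile. Consider emitting `DEBIAN_FRONTEND=noninteractive apt-get --yes dist-upgrade` and stating in man.text how conffile conflicts are expected to be resolved.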
@@ -0,0 +1,52 @@
+cdist-type__package_upgrade_all(7)
+==================================
+Ricardo Catalinas Jiménez
+
+
+NAME
+----
+cdist-type__package_upgrade_all - Upgrade all the installed packages
+
+
+DESCRIPTION
+-----------
+This cdist type allows you to upgrade all the installed packages on the
+target. It will automatically use the appropriate package manager.
+
+
+REQUIRED PARAMETERS
+-------------------
+None
+
+
+OPTIONAL PARAMETERS
+-------------------
+type::
+ The package manager to use. Default is determined based on the $os
+ explorer variable.
+ e.g. apt for Debian
+ yum for Red Hat
+ pacman for Arch Linux
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Upgrade all the installed packages on the target
+__package_upgrade_all
+
+# Force use of a specific package manager
+__package_upgrade_all --type apt
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/cdist/conf/type/__package_upgrade_all/parameter/optional b/cdist/conf/type/__package_upgrade_all/parameter/optional
new file mode 100644
index 00000000..aa80e646
--- /dev/null
+++ b/cdist/conf/type/__package_upgrade_all/parameter/optional
@@ -0,0 +1 @@
+type
diff --git a/cdist/conf/type/__package_upgrade_all/singleton b/cdist/conf/type/__package_upgrade_all/singleton
new file mode 100644
index 00000000..e69de29b
From c01c3891210cf8f990b695cef99a735582651aea Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Wed, 1 Oct 2014 15:32:31 +0200
Subject: [PATCH 23/27] remove obsolete .version file
Signed-off-by: Nico Schottelius
---
.version | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 .version
diff --git a/.version b/.version
deleted file mode 100644
index 71f08595..00000000
--- a/.version +++ /dev/null @@ -1 +0,0 @@ -2.1.0-pre1 From 6d795fc5dd2c14cc6fa78ab7d225f4c5eede6641 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 1 Oct 2014 16:03:16 +0200 Subject: [PATCH 24/27] release 3.1.8: allow users to upgrade their packages Signed-off-by: Nico Schottelius --- docs/changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/changelog b/docs/changelog index b75fff18..364ccb45 100644 --- a/docs/changelog +++ b/docs/changelog @@ -5,6 +5,10 @@ Changelog * Exception: No braces means author == Nico Schottelius +3.1.8: 2014-10-01 + * New Type: __package_update_index (Ricardo Catalinas Jiménez) + * New Type: __package_upgrade_all (Ricardo Catalinas Jiménez) + 3.1.7: 2014-09-29 * Type __cdistmarker: Fix typo (Ricardo Catalinas Jiménez) * Core: Bugfix: Export messaging to manifests (Ricardo Catalinas Jiménez) From fb45416193604848d9c81c605620cfc9a2b02c56 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 2 Oct 2014 15:22:27 +0200 Subject: [PATCH 25/27] ++changes Signed-off-by: Nico Schottelius --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index 364ccb45..0b175ae9 100644 --- a/docs/changelog +++ b/docs/changelog @@ -5,6 +5,9 @@ Changelog * Exception: No braces means author == Nico Schottelius +3.1.9: + * Type __package_emerge: Fix handling of slotted packages (Daniel Heule) + 3.1.8: 2014-10-01 * New Type: __package_update_index (Ricardo Catalinas Jiménez) * New Type: __package_upgrade_all (Ricardo Catalinas Jiménez) From 5cfe5693694f8be3e6197c08b67b3364452c4dd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Catalinas=20Jim=C3=A9nez?= Date: Sun, 5 Oct 2014 15:59:27 +0100 Subject: [PATCH 26/27] Make __package_apt even more non-interactive --- cdist/conf/type/__package_apt/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/cdist/conf/type/__package_apt/gencode-remote b/cdist/conf/type/__package_apt/gencode-remote index 57339db3..08216db1 100755 --- a/cdist/conf/type/__package_apt/gencode-remote +++ b/cdist/conf/type/__package_apt/gencode-remote @@ -44,7 +44,7 @@ esac # Hint if we need to avoid questions at some point: # DEBIAN_PRIORITY=critical can reduce the number of questions -aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o DPkg::Options::=\"--force-confold\"" +aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" [ "$state_is" = "$state_should" ] && exit 0 From 967652b5fe16b9b06aebfee75b25549c58a49971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Catalinas=20Jim=C3=A9nez?= Date: Sun, 5 Oct 2014 16:00:10 +0100 Subject: [PATCH 27/27] Make __package_{update_index,upgrade_all} quieter And more non-interactive for the APT case. --- .../type/__package_update_index/gencode-remote | 5 +++-- .../type/__package_upgrade_all/gencode-remote | 15 +++++++++------ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/cdist/conf/type/__package_update_index/gencode-remote b/cdist/conf/type/__package_update_index/gencode-remote index a120121d..8ee837eb 100755 --- a/cdist/conf/type/__package_update_index/gencode-remote +++ b/cdist/conf/type/__package_update_index/gencode-remote @@ -22,6 +22,7 @@ # type="$__object/parameter/type" + if [ -f "$type" ]; then type="$(cat "$type")" else @@ -40,8 +41,8 @@ fi case "$type" in yum) ;; - apt) echo "apt-get update" ;; - pacman) echo "pacman --sync --refresh" ;; + apt) echo "apt-get --quiet update" ;; + pacman) echo "pacman --noprogressbar --sync --refresh" ;; *) echo "Don't know how to manage packages on: $os" >&2 exit 1 diff --git a/cdist/conf/type/__package_upgrade_all/gencode-remote b/cdist/conf/type/__package_upgrade_all/gencode-remote index 09404af9..57676a57 100755 
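Review bot: The comment above `aptget=` in `__package_apt/gencode-remote` still only hints at `DEBIAN_PRIORITY` and does not say what the two `Dpkg::Options` now decide on the operator's behalf. With `--force-confdef` and `--force-confold` together dpkg never prompts and keeps a locally modified conffile, so changed defaults shipped by a package update, including security-relevant ones, are not applied and the packaged version is left next to it as `.dpkg-dist`. I would document that on the line above the assignment, for example `# confdef/confold: never prompt; locally modified conffiles are kept, review *.dpkg-dist afterwards`. The script continues outside the hunk.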
--- a/cdist/conf/type/__package_upgrade_all/gencode-remote +++ b/cdist/conf/type/__package_upgrade_all/gencode-remote @@ -23,6 +23,7 @@ # type="$__object/parameter/type" + if [ -f "$type" ]; then type="$(cat "$type")" else @@ -39,18 +40,20 @@ else esac fi +aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" + case "$type" in yum) - echo "yum --assumeyes update" - echo "yum clean all" + echo "yum --quiet --assumeyes update" + echo "yum --quiet clean all" ;; apt) - echo "apt-get --yes dist-upgrade" - echo "apt-get autoclean" + echo $aptget dist-upgrade + echo "apt-get --quiet autoclean" ;; pacman) - echo "pacman --noconfirm --sync --sysupgrade" - echo "pacman --noconfirm --sync --clean" + echo "pacman --noprogressbar --noconfirm --sync --sysupgrade" + echo "pacman --noprogressbar --noconfirm --sync --clean" ;; *) echo "Don't know how to manage packages on: $os" >&2
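Review bot: In the `apt)` arm, `echo $aptget dist-upgrade` expands `$aptget` unquoted, so the shell word-splits and glob-expands the command string before it is emitted, unlike every other `echo` in this `case`, which passes one quoted string. The current value contains no glob characters, so the output is the same today, but the emitted line is code that runs on the target and should not depend on that; write `echo "$aptget dist-upgrade"`. The `aptget=` string is also a second copy of the one in `__package_apt/gencode-remote`, so a comment such as `# keep in sync with __package_apt/gencode-remote` would help the two stay aligned. The `case` statement continues past the end of the hunk.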